Token device re-synchronization through a network solution

ABSTRACT

A system is illustrated as including a One-Time Password (OTP) device operatively coupled to a computer system to receive data, and a server operatively coupled to the computer system via a network connection. A method is illustrated as including receiving and verifying credentials of a user accessing the site. In response to verifying the user, a request is transmitted to an authentication server for a first token value corresponding to the user. The first token value is received from the authentication server. The first token value is displayed to the user. The first token value is displayed at the same time as part of a list with other token values to the user. The user compares the list of token values to a token value generated by a password device to determine whether the token value generated by the password device is included in the list of token values.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims the benefit of priorityto U.S. patent application Ser. No. 14/015,895, filed on Aug. 30, 2013,which is a continuation of U.S. patent application Ser. No. 11/620,321filed Jan. 5, 2007, now U.S. Pat. No. 8,543,829, both which areincorporated by reference herein in their entirety.

TECHNICAL FIELD

The present application relates generally to the technical field ofonline security and, in one specific example, the use of a doubleOne-Time-Password (OTP) token in the course of authenticating a user anda website during the course of conducting online transactions.

BACKGROUND

OTP tokens are used to verify the identity of a user of, for example, ane-commerce site, banking site, or other site that requires verification.The verification operation works by taking password values from twoseparate but synchronized clocks, and comparing these values. In someinstances, a clock may reside on a hand held device, while a secondclock may reside on a third-party authentication server. This type ofverification uses passwords based upon clocks or “Synchronized One-TimePasswords.” The hand held devices can include devices such as key fobs,Personal Digital Assistants (PDA), or cell phones. The time synchronizedpasswords are known as tokens, or OTP tokens.

OTP tokens are commonly used to verify the identity of the holder of thesecurity token. For example, in the e-commerce context, the holder of anOTP token value may use this token to verify their identity, and oncethis identity is verified, the holder is able to purchase goods andservices from the site. While OTP tokens are effective at verifying theidentity of the token holder, they are not effective at verifying theidentity of, for example, the site with which the token holder istransacting business. This type of verification is necessary in casesof, for example, phishing attacks and other types of e-commerce fraud.Phishers attempt to fraudulently acquire sensitive information, such aspasswords and credit card details, by masquerading as a trustworthyperson or business in an electronic communication. Phishing is typicallycarried out using email or an instant message.

BRIEF DESCRIPTION OF THE DRAWINGS

Some embodiments are illustrated by way of example and not limitation inthe figures of the accompanying drawings in which:

FIG. 1 is a block diagram illustrating an example system for two-factorauthentication.

FIG. 2 is an interface diagram illustrating an example GUI in the formof a web page.

FIG. 3 is a dual stream flowchart illustrating an example method fortwo-factor authentication.

FIG. 4 shows a perspective, side and front views of an example dual OTPkey fob.

FIG. 5 is a schematic of various example hardware and softwarecomponents that may be used to create a dual OTP key fob.

FIG. 6 is a network diagram describing the initiation of a TransmissionControl Protocol/Internet Protocol connection by a dual OTP token devicewith a secured verification site.

FIG. 7 is a network diagram illustrating the updating of a clock time ona dual OTP token device.

FIG. 8 is a flow chart illustrating an example method applied in theupdating of a clock time on a dual OTP token device.

FIG. 9 is a flowchart illustrating the various sub-modules that make upan example method underlying the above described module.

FIG. 10 is a flowchart illustrating second example method fortwo-factor-authentication illustrated.

FIG. 11 is a flowchart illustrating an example method for generating twoOTP tokens using a device.

FIG. 12 is a flowchart illustrating an example method for generating twoOTP tokens using a token generation algorithm.

FIG. 13 is a schematic diagram illustrating an example platformarchitecture.

FIG. 14 shows a diagrammatic representation of a machine in the exampleform of a computer system.

DETAILED ILLUSTRATION

Example methods and systems to further online security are described. Inthe following illustration, for purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of example embodiments. It is evident, however, to oneskilled in the art that the present invention may be practiced withoutthese specific details.

The leading digit(s) of reference numbers appearing in the Figuresgenerally corresponds to the Figure number in which that component isfirst introduced, such that the same reference number is used throughoutto refer to an identical component which appears in multiple Figures.Signals and connections may be referred to by the same reference numberor label, and the actual meaning is clear from its use in the context ofthe illustration.

In some embodiments, a user (e.g., Alice) utilizes a double OTP tokendevice that has one or more buttons to generate one or more OTP tokens.In one embodiment, this dual OTP token device is, in effect, twoentirely separate security keys contained in one device. As is morefully described below, these tokens, however, are generated using thesame internal clock. The operation for using this double OTP tokendevice can be described as follows. Alice goes to a secure site such asEBAY™ (e.g., www.ebay.com). She enters her username and password on thesite's main page. The site verifies the credentials and sends a requestto a third-party authentication site such as, for example, VERISIGN™,for what is Alice's first current OTP token value. The third-partyauthentication site returns a value (e.g., 123456). The site presentsthis value to Alice, along with some other six-digit randomly chosennumbers, along with a message requesting Alice to obtain a token valuefrom her dual OTP token device (e.g., Alice need to press the blackbutton on her device). Alice obtains the value and sees 123456. Aliceverifies that this number appears in the list of numbers displayed bythe site. Next, Alice obtains the second OTP token value by, forexample, pressing the white button. Once this value is obtained, sheenters it into a text box or other input object/widget on the site's webpage. The site then sends this value to the third-party authenticationsite for verification. If the second token value is verified, then thethird-party authentication site returns a “yes” indication to the site,and Alice is free to transact business with the site. As is discussedmore fully below, the use of these two tokens is an example of atwo-factor-authentication system.

FIG. 1 is a block diagram showing an example system 100. Some exampleembodiments may include a set 101 containing a variety of devices thatcan be used to generate two OTP tokens using one clock synchronized witha clock residing on a third-party authentication server. These devicesfacilitate two-factor-authentication via using a combination of a sharedsecret in the form of two (2) unique serial numbers used in combinationwith a clock value synchronized with an authentication web site andservers operating thereon. A double OTP token device may include devicessuch as a Personal Digital Assistant (PDA) 102, a cell phone 103, or adual OTP key fob 104. A user 106 using a computer system 105 enterstheir password and identification information into a web page. Thisinformation is sent via a network connection 107 to a site 113. Once theuser's password and identification values are verified, a web page 108is displayed to the user 106 via the computer system 105.

This web page 108 may contain at least two fields. A first field (e.g.,prompt 109) contains a series of OTP token values which may be six-digitvalues, seven-digit values, eight-digit values, or some other suitablesize token. These values are actual OTP token values, whereas in otherembodiments some of these values are pseudo-OTP token values appearingin combination with authentic OTP token values. A second field (e.g.,prompt 110) of this web page 108 contains a text box, drop-down menu,object, or widget where a user 106 can enter or select a token value. Auser 106 may review the first field of the web page 108 to determinewhether one of the displayed token values corresponds to one of the twovalues displayed on one of the members of the set 101. Once a user 106verifies that this value exists in this first field, the user 106 maythen look for a second value presented in one of the members of the set101 to enter into the textbox or other input object, contained in thesecond field of the web page 108. Once the user 106 enters this secondtoken value, the second token value is sent to the site 113 forverification (see e.g., 111).

The second token value is then compared to token values received from asecured verification site 112 (e.g., the site of the third-partyauthentication server). This secured verification site 112 usesasymmetric encryption (e.g., Rivest, Shamir and Adleman (RSA)encryption), symmetrical encryption (e.g., Advanced Encryption Standard(AES) encryption), or a hybrid encryption (Hybrid-Crypto) system. Threeor more tokens may be returned from the secured verification site 112 tothe site 113. If the verification of the second OTP token value issuccessful, then the user 106 is allowed to proceed with thetransaction. (See e.g., 114)

A Three-Tier Architecture

An example embodiment may be a distributed or non-distributed softwareapplication designed under a three-tier software architecture paradigm,whereby the various modules of computer code that make up applicationcan be categorized as belonging to one or more of these tiers. The firsttier is an interface level that is relatively free of applicationprocessing. The second tier is a logic level that performs processing inthe form of logical/mathematical manipulations (logical manipulations)of data inputted through the interface level, and communicates theresults of these logical manipulations with the interface and/or backendor storage level. These logical manipulations may relate to certainbusiness rules or tasks that govern the application as a whole. Theselogical manipulations and associated business rules include rules tofacilitate the verification of two or more OTP tokens via one or moreweb pages (e.g., web page 108). More to the point, the logic level helpsto establish a two-factor-authentication system whereby a user (e.g.,user 106) is asked to meet the “what you have” or “what you are” factorby providing a valid OTP token value to an authenticating third party(e.g., secured verification site 112) and the “what you know” factor bymatching a second OTP token value to those values provided by thethird-authenticating party. The storage level is a persistent storagemedium or non-persistent storage medium. One or more of these tiers maybe collapsed into another, resulting in a two-tier architecture, orone-tier architecture. For example, the interface and logic levels maybe consolidated, or the logic and storage level may be consolidated, asin the case of an application with an embedded database. This three-tierarchitecture may be implemented using one technology, or as is discussedbelow, a variety of technologies. These technologies may include one ormore object-oriented programming languages such as, for example, Java™,C++, Delphi™, C#™, or the like. Additionally, structured programminglanguages such as, for example, C may also be used. Moreover, scriptinglanguages such as, for example, Perl, Python, PHP, JavaScript orVBScript™ may also be used. This three-tier architecture, and thetechnologies through which it is implemented, can be implemented in twoor more computers organized in a server-client relationship, as is wellknown in the art, such that an interface level resides on a clientcomputer, whereas a logic level resides on the application server (seebelow) and the storage level resides on a database server (see below).Moreover, these three tiers can be distributed between two or morecomputers organized in a peer-to-peer configuration whereby, forexample, the storage level is distributed across a plurality of computersystems. Put another way, these three levels may be distributed betweenthe two or more computers.

An Interface Level

A further example embodiment may be implemented using a client-soarchitecture, and using a client-based application (e.g., a browserapplication or a programmatic client application). Some well-knownclient-based browser applications include NETSCAPE™, INTERNET EXPLORER™,MOZILLA FIREFOX™, OPERA™, or some other suitable browser application.Common to these browser applications is the ability to utilize aHyperText Transfer Protocol (HTTP) or Secured Hyper-Text TransferProtocol (HTTPS) to get, upload (e.g., PUT) or delete web pages andinterpret these web pages, which are written in a hyper-text mark-uplanguage (HTML) and/or an Extensible-Mark-up Language (XML). HTTP andHTTPS are well known in the art, as are HTML and XML. HTTP and HTTPS maybe used in conjunction with a Transmission Control Protocol/InternetProtocol (TCP/IP) as described in the Open Systems Interconnection (OSI)model, or the TCP protocol stack model, both of which are well known inthe art. The practical purpose of the client-based browser applicationis to enable a user to interact with the application through the displayof plain text, and/or interactive dynamic functionality in the form ofbuttons, text boxes, scroll down bars or other objects contained on oneor more web pages constructed using the aforementioned HTML and/or XML.

Web pages may be static or dynamic in nature. Those that are statictypically display text as one would see it on a printed, physical page.Dynamic web pages, however, are interactive and allow for a user toinput data, query data, and/or modify data just to name a few of thefunctionalities associated with dynamic web pages. The dynamic nature ofweb pages is a product of the use of the other technologies incombination with HTML and/or XML.

Java Server Page (JSP™), or Active Server Pages (ASP™ or ASP.NET™)(collectively server pages) may be used to provide a user with dynamicweb pages or content via their web browser. Additional technology in theform of an additional program (e.g., routine) written in anotherprogramming language is embedded into the HTML and/or XML code, allowingfor web pages to become dynamic. Some of these additional technologiesinclude, for example, embedded routines written in the JAVA programminglanguage, the JavaScript™ language, or the VB SCRIPT programminglanguage or some other suitable programming language. These embeddedroutines are used to execute the aforementioned HTTP, HTTPS requests(e.g., GET, PUT, and DELETE) for web pages. Various types of programmingstructures such as branches, loops and other types of logic structuresare used in such routines. These routines may allow a user to log in andrequest content to upload or download. For example, a GUI is used and isimplemented via a Java Servlet, Applet, or VBScript or C# form, or someother suitable programming language. As is discussed below, web pagescontaining GUIs are stored at the logic level, but executed at theinterface level via a web browser. These server pages contain objectssuch as text boxes, buttons, scroll-down bars, or some other suitabledynamic interface object. These objects, and the routines governingthem, allow a user to retrieve, input, or delete content, just to namefew of the functions. For example, a user is prompted with a login pagerequesting username and password information to be entered into two ormore text boxes. Once the data entered into the text boxes is verified,a second, new web page is requested, interpreted and displayed in thebrowser application. The verification of the login information wouldtake place at the logic level outlined below.

In some embodiments, once login and user ID information is verified, theuser may be sent one or more web pages containing OTP token valuesand/or text boxes or other objects, and widgets into which to input orselect OTP token values. For example, a user is prompted with a web pagecontaining one or more fields, including a first field with a list offirst OTP token values, and a second field with a text box, or otherobject, widget into which to enter a second OTP value. Two or more webpages may be used, instead of one web page (e.g., 108), to display andenter OTP token values.

FIG. 2 is a user interface diagram illustrating an example GUI 201, inthe form of a web page 108. It will be appreciated that the GUI 201 maybe generated utilising any one of a number of other technologies, suchas Asynchronous JavaScript and XML (AJAX), Adobe FLASH etc. Illustratedis a list 202 of values to match with a first token. These values arethemselves OTP token values generated by a secured verification site112, or, in some embodiments, a site 113 and the servers used tomaintain each of these respective sites. A user, such as user 106, maygenerate their own first OTP token values using, for example, one of thedevices 101 and compare a first one of these OTP token values to thevalues on the list 202. Also illustrated is a text box 203 wherein auser, such as user 106, may input a second OTP token value generated byone of the devices 101. Once entered, a send token button 204 isexecuted. Collectively the list 202 and text box 203 allow for twofactor authentication, for the list 202 allows for a web site (e.g.,113) to prove the “what you have” or “what you are” factor by providinga valid OTP token value to a user (e.g., 106), and the “what you know”factor is proven by the user via inputting an OTP token value into thetext box 203 and sending it to the site 113 or 112.

Logic Level

The above described Servlets, Applets, and/or VBScript forms may bestored as a JSP™, or ASP™ on one or more remote server computersconnected to the client computer via an Internet. These remote serverscan be a web browser and/or application server. Web servers running JSP™can include the APACHE™/APACHE TOMCAT™ web server. Web servers runningASP™ can include a MICROSOFT WINDOW WEB SERVER 2003™. Applicationservers running JSP™ can include ORION APPLICATION SERVER™ or otherJ2EE™ certified application servers. Application servers running ASP™can include WINDOWS SERVER 2003™.

The logic level may be governed by a scripting language that controlshow and when certain web pages or pieces of content are provided to, ormade accessible to, a particular user. This scripting language can be inthe form of Java, Perl, Python, or some other general purpose scriptinglanguage. For example, once the logic of a JSP™ determines that aparticular object (e.g., a text box) on a web page has been executed(e.g., a username and password has been entered and sent), the data fromthis text box is inputted and sent to a web or application server. It isthe routine written in a scripting language that determines whether, forexample, the username and password are valid. The routine written in ascripting language may serve to retrieve data from a storage, datastructure, or data base level. The storage level may be run by aseparate database application, while in other embodiments a databaseembedded with a logic level is implemented.

FIG. 3 is a dual stream flowchart illustrating an example method 300 fortwo-factor authentication. Illustrated is a module 301 and 302 residingon one or more of the devices 101. The module 301 generates two or moreclock values from a shared clock. Once these values are generated, thena passed to the module 302 wherein they are hashed using a hashingfunction (see below description of hashing function) into two or moreOTP token values. One of these OTP token values (e.g., a third OTP tokenvalue) is provided to a computer system 105 by, for example, a user 106inputting the value through some type of port connection (e.g., aUniversal Serial Bus (USB)). Module 303 receives third OTP token valuesvia, for example, the USB port. By providing this third OTP token value,one of the two factors of authentication may be met. In someembodiments, this OTP token value is passed to a module 304 thattransmits this third OTP token value to a module 308 residing on a sitesecured verification site 113 and the servers managing this site. Alsoillustrated are modules 305, 306, and 307 that are a part of securedverification site 112 and the servers that manage this site. Module 305,like module 301, generates two or more clock values that are passedthrough a module 306 wherein a hashing function is applied to generateOTP token values (e.g., a first and second OTP token value). These OTPtoken values are then passed to a module 307 for transmission across anetwork (e.g., an Internet) to a module 308 that receives not only thethird OTP token value, but also, the first and second OTP token values.Once these various OTP token values (e.g., the first, second and thirdOTP token values) are received, they are passed onto a module 309 forcomparison, wherein the values of the second and third OTP tokens arecompared, and where found to be synchronized, a verification or, in somecases a non-verification signal where non-synchronization occurs, ispassed to the module 310. In some embodiments, the module 309 de-hashes(e.g., uses reverse hashing) the OTP token values it receives and oncede-hashed the resulting clock values are compared for a determination asto whether the values are synchronized. In some embodiments, it is thesite 113 that executes the module 309, whereas in other embodiment it isthe secured verification site 112 that executed this module 309.

Storage Level

A storage level may be implemented whereby tables of data are created,and data is inserted into, and selected from, these tables using astructured query language (SQL) or some other database-related languageknown in the art. These tables of data can be managed using a databaseapplication such as, for example, MYSQL™, SQLSERVER™, Oracle 9I™ or10G™, or some other suitable database application. These tables areorganized into a Relational-Database Schema (RDS) orObject-Relational-Database Schemas (ORDS), as is known in the art. Theseschemas can be normalized using certain normalization algorithms so asto avoid abnormalities such as non-additive joins and other problems.These normalization algorithms include Boyce-Codd Normal form or someother normalization, optimization algorithm known in the art. Forexample, some embodiments may include username and associated passwordinformation being stored together such that the scripting routine cancompare the inputted, received username and password information to thatdata stored in the database. The secured verification site 112 may havea number of tables containing one or more serial numbers for aparticular double OTP token device and the associated clock value, andclock cycle setting for a particular device. These tables may be abletrack whether a particular device has been activated. This tracking isbased upon the unique serial number or numbers of the particular device.

Distributed Computing Modules

In some embodiments, remote procedure calls are used to implement one ormore of the above described levels of the three-tier architecture acrossa distributed programming environment. For example, a logic levelresides on a first computer system that is remotely located from asecond computer system containing an interface or storage level. Thesefirst and second computer systems can be configured in a server-client,peer-to-peer or some other suitable configuration. These various levelscan be written using the above described component design principles,and can be written in the same programming language, or a differentprogramming language. Various protocols may be implemented to enablethese various levels, and components contained therein, to communicateregardless of the programming language used to write these components.For example, a module written in C++ using COBRA or SOAP can communicatewith another remote module written in Java™. These protocols includeSimple Object Access Protocol (SOAP), and the Common Object RequestBroker Architecture (CORBA) or some other suitable protocol. Theseprotocols are well-known in the art.

A System of Transmission Between a Server and Client

Example embodiments may use the OSI or TCP/IP protocol stack models fordefining a network across which to pass data. Applying these models, asystem of data transmission between a server and client computer systemcan be described as a series of roughly five layers comprising a:physical layer, data link layer, network layer, transport layer andapplication layer. The various levels (e.g., the interface, logic andstorage levels) reside on the application layer of the TCP/IP protocolstack. The present application may utilize HTTP to transmit contentbetween the server and client applications, whereas in other embodimentsanother protocol known in the art is utilized. Content from anapplication residing at the application layer is loaded into the dataload field of a TCP segment residing at the transport layer. This TCPsegment also contains port information for a recipient applicationresiding remotely. This TCP segment may be loaded into the data field ofan IP or User Datagram Protocol (UDP) datagram residing at the networklayer. Next, this IP datagram is loaded into a frame residing at thedata link layer. This frame is then encoded at the physical layer andthe content transmitted over a network such as an Internet, LAN or WAN.Internet refers to a network of networks. Such networks may use avariety of protocols for exchange of information, such as TCP/IP,Asynchronous Transfer Mode (ATM), etc., and may be used within a varietyof topologies or structures. This network may include a Carrier SensingMultiple Access Network (CSMA) such an Ethernet based network.

Double OTP Token Device: Dual OTP Key Fob

FIG. 4 shows perspective, side and front views of an example dual OTPkey fob 400. In some embodiments, a screen 401 displays a first OTPtoken. A second screen 402 displays a second OTP token. A button 403 mayallow an OTP token value to be displayed to a screen 401. A button 404may allow a second OTP token value to be displayed to a screen 402. Someembodiments may include the color coding of the buttons 403 and 404 todenote a first button and a second button. For example, button 403 maybe black, while button 404 could be white. A key ring 405 allows thedual OTP key fob 400 to be operatively coupled to a key chain or otherconvenient means of carrying the fob. Some embodiments may include a USBplug 406. Illustrated in FIG. 4 is a side view showing button 403, keyring 405, and USB plug 406. Also illustrated is a top-down view showingscreens 401, 402, buttons 403, 404, key ring 405, and USB plug 406. DualOTP key fob 104 is an example of dual OTP key fob 400.

FIG. 5 is an example schematic 500 of various hardware and softwarecomponents that can be used to create a dual OTP key fob 400. Thesevarious components can all be hardware, whereas, in other embodiments,these components can all be software, firmware, or these components canbe a combination of the aforementioned. A CPU 501 may be used to performvarious mathematical operations. Contained within the CPU 501, forexample, are various adders and multipliers, or only adders, or onlymultipliers. CPU 501 is able to process a 20 bit, 21 bit or some othersuitable size word. The CPU 501 is operatively coupled to a battery 502.A battery 502 may be a rechargeable battery, whereas, in otherembodiments, it may be a disposable battery. The CPU 501 and battery 502are connected via a bus 514. The CPU 501 is operatively coupled via abus 514 to a piece of memory 504. The memory 504 is used to store valuesderived from a clock 503, whereas in other embodiments this memory isused to store OTP token values. These values can be one or moresequential clock values (e.g., integers) or serial clock values, orthese values can be serial clock values or sequential clock values thathave been hashed via a hashing function 516 that is also operativelycoupled to both the CPU 501 and the clock 503. This memory 504 can alsocontain various input/output drivers 505 and/or the aforementionedhashing function 516. This memory 504 can be of some suitable sizeincluding, for example, a 64 kilobyte or megabyte memory, a 128 kilobyteor megabyte memory, or a 256 kilobyte or megabyte memory, or some othersuitable memory size. This memory size may be contingent upon whetheradditional memory is needed to use the device to store data (e.g., datafiles, media files), in addition to, OTP token values. Variousinput/output drivers 505 are operatively coupled via a bus 514 to a CPU501. These input/output drivers 505 are then operatively coupled tovarious input/output devices via various buses 514. An optional USB plug515 is connected to the input/output drivers 505. The USB plug 515 mayprovide power to recharge the battery 502. Additionally, through thisUSB plug 515, clock synchronization takes place between a clock 503 as apart of the device and a clock located remotely as a part of, forexample, an authentication server. Other types of data transfer andsynchronization can take place via the USB plug 515. In lieu of, or inaddition to, the USB plug 515, a BLUE TOOTH™ transmitter/receiver 517may be implemented to allow for the wireless transfer of data between adual OTP key fob 400, and, for example, an secured verification site112. In cases where the BLUE TOOTH™ transmitter/receiver 517 isimplemented, the transfer of data (e.g., clock data) is facilitatedthrough the use of a computer system 105 that receives data from thedual OTP key fob via the BLUE TOOTH™ transmitter and receiver 517, andthen transmits this data via a network interface device operativelycoupled to the computer system 105 (see below description of thecomputer system). A first screen 506 may be operatively coupled to theinput/output drivers 505. A second screen 507 is operatively coupled tothe input/output drivers 505 via a bus 514. In some embodiments, onlyone screen (e.g., 506 or 507), is operatively coupled to theinput/output drivers 505 (not illustrated). Example embodiments mayfurther include the screen 506 and/or 507 as having liquid crystaldisplays, whereas in other embodiments they are another type of suitabledisplay including, but not limited to, a color screen, a monochromescreen or some other suitable screen. The buttons 508 and 509 (e.g., abiased switches) may be operatively to the input/output drivers 505 viaa bus 514. Both buttons 508 and 509 may be used in the dual OTP key fob500, whereas in other embodiments only one button (e.g., 508 or 509) isused in the device. A hashing function 516 may be implemented. Thishashing function 516 is used to hash various integer or other type ofnumeric values derived from the clock 503 to which it is operativelycoupled via, for example, a bus 514. Once these values derived fromclock 503 are hashed via the hashing function 516. The hashing function516 may implement an operation 405.

Some embodiments may include a memory 504 that may be ElectricallyErasable Programmable Read-Only Memory (EEPROM), Random-Access Memory(RAM), Flash memory or some other suitable memory type. Some embodimentsmay include EEPROM where the dual OTP key fob 500 is completely powereddown, whereas if the dual OTP key fob 500 is going to continue to usememory (e.g., to power the clock 503), RAM may be preferable. Moreover,if the device is going to be used for things (e.g., storing data), inaddition to the generation and storage of tokens, then Flash memory maybe preferable.

In some embodiments, the battery 502 may be a Lithium-ion battery,Lithium-ion polymer battery, Nickel-cadmium battery, Nickel metalhydride battery, or some other suitable rechargeable battery. Further,the battery 502 may be an alkaline battery, Lithium battery,Silver-oxide battery, or some other suitable battery type. Moreover, thebattery 502 may be a 1.5 volt, 1.55 volt, 3 volt or some other batteryof a suitable voltage.

In some example embodiments, the clock 503 may be an application writtenin software and saved into the memory 504, whereas, in otherembodiments, it may be completely implemented using hardware. The valuesgenerated by the clock 503 are integer values. Where the clock 503 isimplemented in hardware, an additional software module may be needed toallow for the re-synchronization of the clock with another clockcontained on, for example, an authentication server such as the securedverification site 112. Re-synchronization may take the form of thesoftware module, compensating for the difference between the clocksignal and the clock value as reflected in the secured verification site112. In providing this compensation, the problem of token drift can beaddressed.

In some example embodiments, a BLUE TOOTH™-based transmitter/receiver517 is operatively coupled to the I/O driver 505. Thistransmitter/receiver 517 is a BLUE TOOTH™ transmitter and implements theInstitute of Electrical and Electronics Engineers (IEEE) standard802.15.1 or some other suitable protocol. Data including, for example, aclock current time request is transmitted from the transmitter/receiver517 to a BLUE TOOTH™ USB adapter operatively coupled to a USB portresiding on a computer system 105. In some embodiments, BLUE TOOTH™ 1.0,1.0B, 1.1, 1.2, or 2.0 is implemented as a part of the I/O driver 505. Aunique 48-bit address may be associated with the dual OTP token deviceallowing the device to be unique or distinguishable from other devicesusing the BLUE TOOTH™ protocol. This 48-bit address that makes up thedual OTP token device unique contains the serial number (e.g., 112346)associated with the dual OTP token device. Put another way, the 48-bitaddress is unique by virtue of the use of the serial number for the dualOTP token device being used in combination with other values.

FIG. 6 is a network diagram 600 describing the initiation of a TCP/IPconnection by a dual OTP token device 104 with a secured verificationsite 112. In some embodiments, a dual OTP token device 104 with a USBconnector 515 is inserted into the USB port of a computer system 105.Once inserted, a TCP/IP Connection 602 maybe initiated via HTTPS, orHTTP. Additionally, in some embodiments, a dual OTP device 104 with aBLUE TOOTH™ transmitter/receiver 517 is used to transmit data to andreceive data from a computer system 105 through the TCP/IP connection602. This TCP/IP connection is initiated with the secured verificationsite 112 over a network 601. In some embodiments, in lieu of a TCP/IPconnection being initiated, a UDP/IP connection is initiated by the dualOTP token device 104.

FIG. 7 is a network diagram 700 describing the updating of a clock timeon a dual OTP token device 104. In some example embodiments, a dual OTPtoken device 104 with a USB connector 615 is inserted into a computersystem 105. Once a TCP/IP connection is initiated via datagram 602, aTCP/IP datagram 701 containing a request for the current time is sentover a network 601 to a secured verification site 112. This request fora current time is denoted by packet 701 as described herein. Once thedatagram 701 is sent, a second TCP/IP datagram referenced herein as 702is sent by the secured verification site 112 across a network 701 to thecomputer system 105 and ultimately to the dual OTP token device 104,where the clock time on the dual OTP token device 104 is updated withthe current time contained in the TCP/IP datagram 702.

FIG. 8 is a flow chart illustrating a method 800 applied in the updatingof a clock time on a dual OTP token device 104. In some embodiments, auser 106 inserts the dual OTP token device 104, which contains anaccompanying USB connector 615, into a computer system 105. Onceinserted, a module 801 is automatically initiated, wherein the module801 initiates a TCP/IP connection. The initiation of a TCP/IP connectionis well known in the art. Once the TCP/IP connection is established viathe module 801, a second module 802 requests the current time from asecured verification site 112. This request for current time is sent viaa TCP/IP datagram. In some embodiments, once the secured verificationsite 112 receives the request for current time it transmits the currenttime via a second TCP/IP datagram to the computer system 105 and,ultimately, the dual OTP token device 104. In some embodiments, the dualOTP token device 104 receives the current time via a module 803 andthen, in turn, implements or executes a module 804 to update the clockresiding on the OTP dual token device 104. In some embodiments, thisclock is the clock 503 referenced above.

FIG. 9 is a flowchart illustrating the various sub-modules that make upa method 900 underlying the above referenced module 802. In someembodiments, a module 901 sends a current time request via a TCP/IPdatagram to a specific port or socket located on the securedverification site 112. A module 902 residing on the secured verificationsite 112 receives the request for the current time. Once this request isreceived, a third module 903 is executed that transmits the current timeto a port or socket located on the computer system 105. Thistransmission is across a network 701, such as an internet, and istransmitted via a TCP/IP datagram. Once this TCP/IP datagram containingthe current time is received, the clock 503 is updated.

Example Use Case

FIG. 10 is a flowchart illustrating a second example method 1000 fortwo-factor-authentication. In some embodiments, a user 106 uses anoperation 1002 to send password and ID information to an site via, forexample, a web page 108. This password and ID information is verifiedvia a verifier 1003 such as a site 113. If the password or the ID isunverified, then the user is re-prompted to enter correct password andID information. If the password and ID are correct, then at operation1004 the site 113 prompts the user with a web page 108 that allows theuser to both review OTP token values, and enter OTP token values intothe web page. To obtain OTP token values the user uses an operation 1005wherein the user activates a double OTP token device (e.g., cell phone103, PDA 102, or dual OTP key fob 104).

The user may then decide if the first token displayed on the double OTPtoken device is displayed on the web page 108 provided by operation1004. If the value is not displayed on the web page 108, the user 106may reinitiate the operation 1005 via an operation 1011 to obtainadditional tokens using the double OTP token device.

The user 1001 may then determine that the site 113 has not beenauthenticated (e.g., according to the two-factor-authentication system,they have failed to prove the first factor: “what you (they) are”), andmay cease the attempt to authenticate. If the value is on the web page108, then the user is forwarded to operation 1007.

A decisional operation value 1006 is used to allow the user to determinewhether or not the value is contained on the web page 108 or not.Operation 1007 allows the site 113 to send or forward a web page 108 toa user 106 to prompt the user 106 to enter in a second OTP token valuetaken from the double OTP token device. In terms of thetwo-factor-authentication system, this may allow the user to prove “whatyou (they) know.” A decisional operation 1008 allows the user to eitherproceed with the transaction (e.g., the buying or selling of goods orservices), via an operation 1009 if a valid second OTP token valueexists and is entered into the web page 108 displayed via an operation1004, or the user may be re-prompted via an operation 1010 to enter in avalid second OTP value.

An operation 1007 illustrates an encryption engine. In some embodiments,this encryption engine is displayed in FIG. 7 as an encryption engine721. This encryption engine is responsible for encrypting and decryptingdata including OTP token values sent between the site 113 and thecomputer system 105 and resides, for example, on the computer system105. The encryption engine may implement a symmetric key algorithm,whereas, in other embodiments, it may implement an asymmetric keyalgorithm (e.g., un-tethered and tethered systems of encryption). Thesymmetric algorithm may implement the Advanced Encryption Standard(AES), or some other suitable encryption algorithm (e.g., DES,Triple-DES, IDEA, or Blowfish just to name a few). AES may use key sizesof, for example, 128, 192, or 256 bits. Some embodiments may include atethered or asymmetric system that utilizes a public and private key(e.g., a key pair) to encrypt and decrypt an OTP token. Some well knownasymmetric encryption algorithms include RSA, and Diffie-Hellman, justto name a few. The usefulness of a particular key size (symmetric orasymmetric) can be determined through empirical testing and/or modeling.The key size may be automatically determined by the encryption enginebased upon some type of preset size. In still other embodiments, the keysize is selected by the user to meet their particular needs.

In some example systems, a hybrid of symmetric and asymmetric encryptionis employed, a system known as a hybrid-crypto system is employed viathe operation 1007. Under this system, one or more OTP token values maybe encrypted using a symmetric key algorithm which, in turn, is thenencrypted using an asymmetric key algorithm. Applying the hybrid-cryptosystem, a site 113 receives a one or more encrypted OTP token values.These token values are de-crypted with a public key held by the site.Once de-crypted, the remaining symmetric encryption is de-crypted with asymmetric key held by the site 113. Alternatively, a public key of asymmetric key algorithm may be used as a signature to verify theidentity of the requestor of the OTP token value.

FIG. 11 is a flowchart illustrating an example method 1100 forgenerating two OTP tokens using a device. A user 106 may activate adevice in the form of a double OTP token device (e.g., cell phone 103,PDA 102, or dual OTP key fob 104) via an operation 1102. An operation1103, residing on one of these devices, is implemented wherein thedevice generates a first token value and a second token value using thesame clock mechanism. An operation 1104, again residing on one of thesedual OTP token devices, displays two OTP token values on one or morescreens. Then a decisional operation 1105 may prompt the user todetermine whether the tokens are valid. As discussed elsewhere, thevalidity of the token may be based upon whether a first OTP tokenappears on a web page 108, and whether a second OTP token is verifiedby, for example, an site 113 via a third-party authentication site (seee.g., secured verification site 112). The site 113 would itself performthe verification, in lieu of the third-party secured verification site112. If the OTP tokens are not valid, then the user is re-prompted withoperation 1103 to generate two additional new OTP token values. If thetokens are valid, then the user is allowed to continue with theoperation 1106.

FIG. 12 is a flowchart illustrating an example method 1200 to generatetwo OTP tokens using a token generation algorithm. The logic depictedinto this flow chart 1200 may be implemented in, for example, a PDA 102,cell phone 103, or dual OTP key fob 104. An operation 1201 allows theuser 1204 to activate the device. Some embodiments may includeactivation by way of a simple on/off button, touch screen, or adedicated button to generate the two OTP token values. Once the deviceis switched on, an operation 1202 allows for the initialization of thememory in the device itself.

After the initialization operation 1202, an operation 1203 may beexecuted to facilitate the generation of two or more clock values from asingle clock. These two or more of these clock values are passed throughan operation 1205 wherein an algorithm is used to convert these clockvalues into OTP token values. Then, an operation 1206 displays the firstand second OTP token value on one or more screens. Next, a decisionaloperation 1207 may be executed wherein the user, or some automatedmodule, determines whether the OTP token values are valid. If they arenot valid, then the operation 1203 is re-executed. In the alternative,an operation 1208 may be executed wherein the transaction of good orservices can be proceeded with once the OTP token values aresuccessfully verified.

In some embodiments, an operation 1203 obtains a single clock value or alist of clock values. In one embodiment, this clock value can be assimple as a numeric value (e.g., an integer value), or as complex as aseries of numeric values reflecting, for example, a date and time. Someembodiments may include a list containing these clock values thatreflects the values over a specific range of time, clock ticks, or timeincrements. This single clock value or list of clock values may berounded up the nearest cycle value (e.g., a whole integer value). Forexample, an OTP token value maybe 29.975, but the cycle value is set toincrements of 30 (e.g., 30, 60, 90, 24530, and 55660). In such anexample, a single clock value, or a list of clock values, is generatedand rounded up to, for example, 30 or 24530. Some embodiments mayinclude the single clock values being obtained, or synchronized with, anetwork connection as in the case of a PDA 103 or cell phone 104operatively coupled to a network, wherein the PDA 103 or cell phone 104receives single clock values from the network, or these devices receivea present time value that is then used to generate single clock values.

In some embodiments, the list of clock values obtained from operation1203 is passed through an algorithm denoted by operation 1205 residingon, for example, one of the aforementioned dual OTP token devices 102,103, or 104. The algorithm is applied via the operation 1205 to two ormore clock values so as to hash, encrypt or otherwise modify the clockvalues to obscure their identity. In one embodiment, a time value isgenerated by the clock and is combined with a serial number value uniqueto the dual OTP taken device. The time value and serial number (e.g., ashared secret value) values are combined with a logical or Booleanoperator such as “AND”, “XOR”, or some other suitable operator. Oncecombined, the resulting value is passed through a hashing or encryptionalgorithm contained in a function that resides in operation 1205. Thisoperation can be described as follows using an example clock value of745, and a serial number of 112346:745 v 112346=745;hashing_func(745)=242452 as a token valueThe serial number (e.g., 112346) can be divided up into two or more subvalues (e.g., 112 and 46), where each sub value is used as a serialnumber in the above described operation to generate an OTP token value.Some well known hashing algorithms include the Secure Hash Algorithm 1(SHA-1), and the Message-Digest 5 (MD5) algorithm, just to name a few.Some well know encryption algorithms include the Advanced EncryptionStandard (AES), and the Data Encryption Standard (DES). Once obscured,these values are saved into a memory.

In some embodiments, some type of encryption algorithm is used toobscure the clock values. In such an embodiment, a clock value is passedto an encryption algorithm that encrypts using, for example, symmetricencryption to obscure the clock value. This algorithm may be thepreviously referenced AES or DES. The encryption key used to encryptmay, in some cases, be the same for one of the devices of set 101, and athird-party secured verification site 112. Such a key value may beestablished at compile time.

In some embodiments, the operation 1205 generates token values basedupon a set time interval or cycle. As described herein, this timeinterval can be set by the site or by the third-party authenticationserver (see e.g., the secured verification site 112). The OTP tokenvalue that is generated may be discrete and unrelated to pre-existingtoken values (e.g., it is a time-synchronized one-time password),whereas, in other embodiments, this token is based upon previously usedor generated token values (e.g., a mathematical-algorithm-based one-timepassword or event based token).

In some embodiments, a two-factor-authentication system may use two ormore sequentially generated tokens that correspond to two or morecycles. For example, in one embodiment, a user is prompted with a webpage (see e.g., web page 108) containing an OTP token value that theuser needs to verify. Verification occurs, in one embodiment, throughthe user obtaining a single OTP token value from a dual OTP token devicethat generates a single token (see above described operation forgenerating a first token). The user then compares this first token tothe values appearing on the web page 108. After waiting one or morecycles, the user obtains a second OTP token value from a device thatgenerates a single token and inputs this second OTP token value into thesame (e.g., 108) or a different web page via a text box; drop down menuor other suitable object or widget appearing on a web page. Once thissecond OTP token value is verified the user is free to transact commerceon the site 113.

Platform Architecture

FIG. 13 is an example platform architecture 1300 diagram. A third-partyserver 1301 contains various third-party authentication software modules1304 that are operatively coupled to a network 1319. Securedverification site 112 may contain software 1304. This software 1304 may,for example, implement a symmetric, asymmetric, or a hybrid-cryptosystem. Some example embodiments may include a client machine 1302 witha web client 1305 that is also connected to a network 1319. This webclient may, for example, assist in the execution of operation 604 andthe display of a web page 108 to be used to verify OTP token values.Example embodiments may also include a client machine 1303 with aprogrammatic client application 1306 that is operatively connected to annetwork 1319 via a local area network (LAN), wide area network (WAN),Internet or other type of network connection, collectively referred toherein as 1307. This programmatic client application 1306 may, forexample, allow for the two or more OTP token values generated by adouble OTP token device (see e.g., 102, 103 and 104) to be verifiedautomatically via a USB, or other connection to, for example, anetworked system 1308. The client machines 1302 and 1303 may be computersystems 105. The network 1319 is connected to a networked system 1308.Example software and/or interfaces residing on this networked system1308 include an API server 1310, a web server or web interface 1309, anapplication server 1313 that contains various applications including,for example, an OTP Transmission Engine 1321 (e.g., to execute operation604), an OTP Comparison Engine 1322 (e.g., to execute decisionaloperation 608), an optional clock 1323 and an Encryption Engine 1320(e.g., to execute part of operation 607). Some embodiments may includethe optional clock 1323 to perform many of the same functions as thesecured verification site 112 described above, in effectively collapsingthe functionality of the secured authentication site 112 into thefunctionality of the application server 1313. A database server 1317 isoperatively coupled to one or more databases 1318, and containsinformation relating to the above described storage level.

In some embodiments, the present invention is implemented on a digitalprocessing system or computer system that includes a processor, whichmay represent one or more processors and may include one or moreconventional types of such processors (e.g., x86, x86-64), such as anAMD processor, Intel Pentium processor or other suitable processor. Amemory is coupled to the processor by a bus. The memory may be a dynamicrandom access memory (DRAM) and/or may include static RAM (SRAM). Theprocessor may also be coupled to other types of storage areas/memories(e.g., cache, Flash memory, disk, etc.), which could be considered aspart of the memory or separate from the memory.

In some embodiments, a bus further couples the processor to a displaycontroller, a mass memory or some type of computer-readable mediumdevice, a modem or network interface card or adaptor, and aninput/output (I/O) controller. The display controller may control, in aconventional manner, a display, which may represent a cathode ray tube(CRT) display, a liquid crystal display (LCD), a plasma display, orother type of suitable display device. Computer-readable medium mayinclude a mass memory magnetic, optical, magneto-optical, tape, and/orother type of machine-readable medium/device for storing information.For example, the computer-readable medium may represent a hard disk, aread-only or writeable optical CD, etc. A network adaptor card such as amodem or network interface card is used to exchange data across anetwork such as an Internet. The I/O controller controls I/O device(s),which may include one or more keyboards, mouse/trackball or otherpointing devices, magnetic and/or optical disk drives, printers,scanners, digital cameras, microphones, etc.

The present invention may be implemented entirely in executable computerprogram instructions which are stored on a computer-readable medium ormay be implemented in a combination of software and hardware, or incertain embodiments, entirely in hardware.

Embodiments within the scope of the present invention includecomputer-readable medium for carrying or having computer-executableinstructions or data structures stored thereon. Such computer-readablemedium may be any available medium, which is accessible by ageneral-purpose or special-purpose computer system. By way of example,and not limitation, such computer-readable medium can comprise physicalstorage medium such as RAM, ROM, Erasable Programmable Read-Only Memory(EPROM), CD-ROM or other optical-disk storage, magnetic-disk storage orother magnetic-storage devices, or any other medium which can be used tocarry or store desired program code means in the form ofcomputer-executable instructions, computer-readable instructions, ordata structures and which may be accessed by a general-purpose orspecial-purpose computer system. This physical storage medium may befixed to the computer system as in the case of a magnetic drive orremovable as in the case of an EEPROM device (e.g., flash memorydevice).

In some embodiments, when information is transferred or provided over anetwork or another communications connection (e.g., either hardwired,wireless, or a combination of hardwired or wireless) to a computersystem, the connection is properly viewed as a computer-readable medium.Thus, any such connection is properly termed a computer-readable medium.Combinations of the above should also be included within the scope ofcomputer-readable medium. Computer-executable or computer-readableinstructions comprise, for example, instructions and data which cause ageneral-purpose computer system or special-purpose computer system toperform a certain function or group of functions. Thecomputer-executable or computer-readable instructions may be, forexample, binaries, or intermediate format instructions such as assemblylanguage, or even source code.

In this illustration and in the following claims, a computer system isdefined as one or more software modules, one or more hardware modules,or combinations thereof, that work together to perform operations onelectronic data. For example, the definition of computer system includesthe hardware modules of a personal computer, as well as softwaremodules, such as the operating system of the personal computer. Thephysical layout of the modules is not important. A computer system mayinclude one or more computers coupled via a network. Likewise, acomputer system may include a single physical device (e.g., a mobilephone or PDA) where internal modules (e.g., a processor and memory) worktogether to perform operations on electronic data.

In some embodiments, the invention may be practiced in network computingenvironments with many types of computer system configurations,including hubs, routers, wireless Access Points (APs), wirelessstations, personal computers, laptop computers, hand-held devices,multi-processor systems, microprocessor-based or programmable consumerelectronics, network PCs, minicomputers, mainframe computers, mobiletelephones, PDAs, pagers, and the like. The invention can also bepracticed in distributed system environments where local and remotecomputer systems, which are linked (e.g., either by hardwired, wireless,or a combination of hardwired and wireless connections) through anetwork, both perform tasks. In a distributed system environment,program modules may be located in both local and remote memory-storagedevices (see below).

FIG. 14 shows an example diagrammatic representation of machine in theexample form of a computer system 1400 within which a set ofinstructions, for causing the machine to perform any one or more of themethodologies discussed herein, may be executed. In alternativeembodiments, the machine operates as a standalone device or may beconnected (e.g., networked) to other machines. In a networkeddeployment, the machine may operate in the capacity of a server or aclient machine in server-client network environment, or as a peermachine in a peer-to-peer (or distributed) network environment. Themachine may be a Personal Computer (PC), a tablet PC, a Set-Top Box(STB), a Personal Digital Assistant (PDA), a cellular telephone, a webappliance, a network router, switch or bridge, or any machine capable ofexecuting a set of instructions (sequential or otherwise) that specifyactions to be taken by that machine. Further, while only a singlemachine is illustrated, the term “machine” shall also be taken toinclude any collection of machines that individually or jointly executea set (or multiple sets) of instructions to perform any one or more ofthe methodologies discussed herein. Computer system 1400 may includeclient machines 902 and 903, computer systems 105, or networked system908.

The example computer system 1400 includes a processor 1402 (e.g., aCentral Processing Unit (CPU), a Graphics Processing Unit (GPU) orboth), a main memory 1401 and a static memory 1406, which communicatewith each other via a bus 1408. The computer system 1400 may furtherinclude a video display unit 1410 (e.g., a Liquid Crystal Display (LCD)or a Cathode Ray Tube (CRT)). The computer system 1400 also includes analphanumeric input device 1412 (e.g., a keyboard), a User Interface (UI)navigation device (e.g., a mouse), a disk drive unit 1416, a signalgeneration device 1418 (e.g., a speaker) and a network interface device1420.

The disk drive unit 1416 includes a machine-readable medium 1422 onwhich is stored one or more sets of instructions (e.g., 1421) and datastructures (e.g., software) embodying or utilized by any one or more ofthe methodologies or functions described herein. The software may alsoreside, completely or at least partially, within the main memory 1401and/or within the processor 1402 during execution thereof by thecomputer system 1400, the main memory 1401 and the processor 1402 alsoconstituting machine-readable media.

The software may further be transmitted or received over a network 1426via the network interface device 1420 utilizing any one of a number ofwell-known transfer protocols (e.g., HTTP, HTTPS).

While the machine-readable medium 1422 is shown in an example embodimentto be a single medium, the term “machine-readable medium” should betaken to include a single medium or multiple media (e.g., a centralizedor distributed database, and/or associated caches and servers) thatstore the one or more sets of instructions. The term “machine-readablemedium” shall also be taken to include any medium that is capable ofstoring, encoding or carrying a set of instructions for execution by themachine and that cause the machine to perform any one or more of themethodologies of the present invention, or that is capable of storing,encoding or carrying data structures utilized by or associated with sucha set of instructions. The term “machine-readable medium” shallaccordingly be taken to include, but not be limited to, solid-statememories, optical and magnetic media, and carrier wave signals.

Marketplace Applications

Example embodiments may be used to facilitate e-commerce usingtwo-factor authentication. For example, a user may obtain a dual tokengenerating fob and use this fob to generate OTP token values for use ine-commerce. A user could, for example, log onto the web site using theirpassword and user ID information. Upon a successful login, a user couldthen be prompted with an OTP token value in the form of a web pagedivided into two fields with the first field displaying a plurality ofvalues, such as, for example, 647888, 656888, 702346, 400789, 934377, orsome other suitable six-digit value. Seven digits, eight digits, ninedigits or some other suitable sized number is used to represent an OTPtoken value. This same web page may contain a second field containing atext box, scroll down menu, or some other type of suitable object, orwidget through which one can select the second OTP token value. Once onesuccessfully logs onto the site using these two OTP token values, onecould be free to transact commerce across the Internet. For example, onecould purchase goods, services, bid on items, or engage in otherfinancial transactions where the identity of both the user of the systemand the identity of the e-commerce by itself would be a prerequisite tothe exchange of any type of money, or other types of compensation, for agood or service.

In some embodiments, in addition to using as a dual OTP key fob 104,other types of devices could be used to secure and authenticate accessto any data across a network (e.g., the internet). For example, a clockmechanism could be a part of the software in a PDA 102 or cell phone 103such that the PDA 102 or cell phone 103 could generate two OTP tokenvalues that could then be used during the course of engaging ine-commerce. And again, a key fob with a USB plug 506 could be insertedinto a USB port. Once inserted, the dual OTP key fob 104 could thengenerate two OTP values which could then automatically be used tovalidate one's identity or verify one's identity to an site (e.g.,complete both parts of the two-factor-authentication). In the case ofusing a PDA or a cell phone, one would activate the OTP token valuegeneration algorithm in either one of these devices in order to obtainthe two OTP token values. These tokens, in any case, would have to beused within a specified time period. This set time interval of cycle maybe 30 seconds, 60 seconds, 90 seconds, or some other suitable period oftime. This period of time can be predetermined by the securedauthentication site 112 to which the OTP algorithm is synchronizedand/or the OTP clock is synchronized, or it could be determined by thesite 113 itself. This interval or cycle could be predetermined for eachdouble OTP token device such that when the device is activated, thedevice's clock would be set to a specific cycle of time (e.g., it wouldgenerate token based upon a certain cycle).

In some embodiments, a double OTP token device can be used to transactcommerce on an on-line bidding site or e-commerce 113 site such as, forexample, the EBAY™ site. Through using this device a user can verifytheir seller identity to a potential buyer, or conversely, a buyer couldauthenticate their buyer identity to a potential seller. This wouldalleviate the need for verification of a buyer/seller through theiron-line identity, or selling or buying handle. This token device mayadditionally then be used to facilitate the actual transaction or saleof goods or services, or buying of goods or services. That is, ratherthan the device being used merely to identify a buyer or seller on anauction site, such as EBAY™ such a device could be used to transactmoney across accounts being used during the course of bidding, buying orselling goods or services on such a site.

In some embodiments, a maintainer or a secured verification site 112 ofsite 113 may manufacture and sell these double OTP token devices. Thesedevices are synchronized with the various authentication servers run by,for example, RSA™ or VERISIGN™ such that, if one would like to transactbusiness on a particular site 113 they must first purchase a double OTPtoken device from the company maintaining the secured verification site112.

In some embodiments, the double OTP token device itself contains a loginand password prompt wherein a user is first prompted for login andpassword information prior to being able to access OTP token values.

In terms of power supplies, the double OTP token device is batterypowered, whereas in other embodiments as previously mentioned, it ispowered via a rechargeable battery wherein the device's USB plug 506 isinserted into a USB port and derives electrical power from this port andalso the charging of its battery or batteries via this port.

Some embodiments may include a system including a display operativelycoupled to a computer system to view a web page containing a first OTPvalue, an input device (e.g., a mouse, light pen or other suitabledevice) operative coupled to the computer system to provide input in theform of a second OTP value, and a transmitter (e.g., a network adaptorcard) operatively coupled to the computer system to facilitatetransmission of the second OTP value. The system may also include aninput device that is used to input the second OTP token value into theweb page. Some embodiments may include the system wherein the inputdevice is used to input the second OTP token value into a second webpage. The system may include the input device as a double OTP tokendevice that generates the first OTP value, and the second OTP value.Some embodiments may include the system wherein the double OTP tokendevice includes at least one of a group of including a PDA 102, cellphone 103, and dual OTP key fob 105.

A method may be described as including displaying a web page containingOTP token values, comparing a first OTP token value displayed on the webpage, with a first OTP token value displayed on a portable device,inputting a second OTP token value displayed on the portable device intothe web page, and transmitting the second OTP value. Some embodimentsmay include the method further comprising generating the first andsecond OTP token value by passing a first and second clock value througha token algorithm. The method may further include displaying the firstOTP token value on a first screen of a portable device, and displayingthe second OTP token value on a second screen of a portable device. Someembodiments may include the method further including verifying thesecond OTP token value by comparing it against an OTP token valuereceived from a third-party verification server. The method furtherincludes proceeding with a transaction once the second OTP token valueis verified.

Example embodiments may also include a computer-readable medium havinginstructions stored thereon for causing a suitably programmed computerto execute a method including displaying a web page containing OTP tokenvalues, comparing a first OTP token value displayed on the web page,with a first OTP token value displayed on a portable device, inputting asecond OTP token value displayed on the portable device into the webpage, and transmitting the second OTP value.

In some embodiments, an apparatus is described as comprising one or moreprocessors to generate a first and second OTP token value by passing afirst and second clock value through a token algorithm. Some embodimentsmay include the apparatus further including a clock operatively coupledto the one or more processors. Example embodiments may also include theapparatus wherein the clock is synchronized with another clock residingon a network. The apparatus may further comprise a display operativelycoupled to the one or more processors to show the first OTP token valueon a first screen of a portable device, and a display to show the secondOTP token value on a second screen of a portable device. Moreover, theapparatus further includes a single screen operatively coupled to theone or more processors to show the first and second OTP token values.The apparatus is described as having the first and second OTP tokenvalues to include at least one of a group of including a six digitvalue, a seven digit value, and an eight digit value. The apparatusfurther comprises a first button that when pressed generates the firstOTP value, and a second button that when pressed generates a second OTPvalue, wherein the first and second button are operatively coupled tothe one or more processors. Additionally, the apparatus can be describedas further comprising a key ring to allow the apparatus to beoperatively coupled to a set of keys.

Some embodiments may include an apparatus comprising means fordisplaying a web page containing OTP token values, means for comparing afirst OTP token value displayed on the web page, with a first OTP tokenvalue displayed on a portable device, means for inputting a second OTPtoken value displayed on the portable device into the web page, andmeans for transmitting the second OTP value.

A system is illustrated as including an OTP device operatively coupledto a computer system to receive data from the computer system, and aserver operatively coupled to the computer system via a networkconnection, wherein the OTP device includes a device selected from thegroup consisting of a dual OTP token Device, cell phone, and PDA.Moreover, the data may be current time data. Further, the OTP device maybe operatively coupled to the computer system via a USB, wherein the USBtransmits and receives data through a Blue Tooth connection.

A method is illustrated as including receiving a request to get currenttime from an OTP device, transmitting the current time across a networkto the OTP device, and updating a clock in the OTP device to reflect thecurrent time. Additionally, the method further includes requesting thecurrent time from an authentication server over a network connection,wherein the network connection is a Blue Tooth connection. Additionally,the method further includes sending a current time request to a firstport via the network connection, wherein the current time request isprocessed by a clock application. Moreover, the method further includestransmitting the current time to a second port.

A computer-readable medium having instructions stored thereon is alsoillustrated for causing a suitably programmed computer to execute amethod including a first set of instructions to receive a requestrelating to current time from an OTP device, a second set ofinstructions to transmit the current time to the OTP device, and a thirdset of instructions to update a clock in the OTP device to reflect thecurrent time.

An apparatus is illustrated comprising one or more processors togenerate two or more clock values, pass these two or more clock valuesthrough a hashing function to generate two or more OTP tokens, displaythese two or more OTP tokens on a screen, transmit data through a USB,and receive data through a USB, wherein the one or more processorstransmit data through a Blue Tooth enabled transmitter, and receive datathrough a Blue Tooth enabled receiver. Further, the apparatus mayinclude the one or more processors receiving electrical power throughthe USB, wherein the one or more processors control the recharging ofone or more batteries. Additionally, the apparatus may include the oneor more processors controlling the use of one or more buttons used toobtain two or more OTP tokens.

A method is illustrated as including initiating a TCP/IP connection,requesting a current time, receiving the current time, and updating aclock to reflect the current time. Additionally, the method may includesending the current time request to a specific port, receiving thecurrent time request by a clock application, and transmitting thecurrent time to a port.

An apparatus is illustrated as including means for initiating a TCP/IPconnection, means for requesting a current time, means for receiving thecurrent time, and means for updating a clock to reflect the currenttime.

It is to be understood that the above illustration is intended to beillustrative, and not restrictive. Although numerous characteristics andadvantages of various embodiments as described herein have been setforth in the foregoing illustration, together with details of thestructure and function of various embodiments, many other embodimentsand changes to details is apparent to those of skill in the art uponreviewing the above illustration. The scope of the invention should be,therefore, determined with reference to the appended claims, along withthe full scope of equivalents to which such claims are entitled. In theappended claims, the terms “including” and “in which” are used as theplain-English equivalents of the respective terms “comprising” and“wherein,” respectively. Moreover, the terms “first,” “second,” and“third,” etc., are used merely as labels, and are not intended to imposenumerical requirements on their objects.

The Abstract of the Disclosure is provided to comply with 37 C.F.R.§1.72(b), requiring an abstract that may allow the reader to quicklyascertain the nature of the technical disclosure. It is submitted withthe understanding that it may not be used to interpret or limit thescope or meaning of the claims. In addition, in the foregoing DetailedIllustration, it can be seen that various features are grouped togetherin a single embodiment for the purpose of streamlining the disclosure.This method of disclosure is not to be interpreted as reflecting anintention that the claimed embodiments require more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive subject matter lies in less than all features of asingle disclosed embodiment. Thus the following claims are herebyincorporated into the Detailed Illustration, with each claim standing onits own as a separate embodiment.

What is claimed is:
 1. A system comprising: one or more hardwareprocessors of a server of a site being accessed by a user; and a storagedevice storing instructions that, when executed by the one or morehardware processors, causes the one or more hardware processors toperform operations comprising: receiving and verifying, at the server ofthe site, credentials of the user accessing the site; in response toverifying the credentials of the user, transmitting, by the server ofthe site, a request to an authentication server for a first token valuecorresponding to the user; receiving, at the server of the site, thefirst token value generated by the authentication server; and causing acomputing device of the user to display a list of token valuestransmitted by the server of the site, the list of token valuesincluding the first token value and at least one further randomlygenerated value, the list of token values to be presented at the sametime on the computing device, the list of token values to be compared toa token value generated by a password device associated with thecomputing device to determine whether the token value generated by thepassword device is included in the list of token values, a match in thetoken value generated by the password device to the first token value inthe list of token values providing authentication of the server of thesite to the user.
 2. The system of claim 1, wherein the operationsfurther comprise transmitting a message to the computing device thatrequests the user to obtain the token value generated by the passworddevice.
 3. The system of claim 1, wherein the operations furthercomprise receiving a second token value from the computing device of theuser, the second token value being generated by the password device. 4.The system of claim 3, wherein the operations further comprise:transmitting the second token value to the authentication server forverification; receiving an indication, from the authentication server,that the second token value is verified; and in response to receivingthe indication, allowing the computing device of the user to perform anaction with the site.
 5. The system of claim 3, wherein: the list ispresented on a web page of the site; and the receiving of the secondtoken value is via a field displayed on the web page of the site.
 6. Thesystem of claim 3, wherein the operations further comprise: obtaining aset of one or more token values from the authentication server;comparing the second token value to the set of one or more token valuesobtained from the authentication server; and in response to a matchbetween the second token value and a token value from the set of one ormore token values obtained from the authentication server, allowing thecomputing device of the user to perform an action with the site.
 7. Thesystem of claim 1, wherein the password device comprises a clocksynchronized to a clock of the authentication server.
 8. A methodcomprising: receiving and verifying, at a server of a site, credentialsof a user accessing the site; in response to verifying the credentialsof the user, transmitting, by the server of the site, a request to anauthentication server for a first token value corresponding to the user;receiving, at the server of the site, the first token value generated bythe authentication server; and causing, by a hardware processor of theserver of the site, a computing device of the user to display a list oftoken values transmitted by the server of the site, the list of tokenvalues including the first token value and at least one further randomlygenerated value, the list of token values to be presented at the sametime on the computing device, the list of token values to be compared toa token value generated by a password device associated with thecomputing device to determine whether the token value generated by thepassword device is included in the list of token values, a match in thetoken value generated by the password device to the first token value inthe list of token values providing authentication of the server of thesite to the user.
 9. The method of claim 8, further comprisingtransmitting a message to the computing device that requests the user toobtain the token value generated by the password device.
 10. The methodof claim 8, further comprising receiving a second token value from thecomputing device of the user, the second token value being generated bythe password device.
 11. The method of claim 10, further comprising:transmitting the second token value to the authentication server forverification; receiving an indication, from the authentication server,that the second token value is verified; and in response to receivingthe indication, allowing the computing device of the user to perform anaction with the site.
 12. The method of claim 10, wherein: the list ispresented on a web page of the site; and the receiving of the secondtoken value is via a field displayed on the web page of the site. 13.The method of claim 10, further comprising: obtaining a set of one ormore token values from the authentication server; comparing the secondtoken value to the set of one or more token values obtained from theauthentication server; and in response to a match between the secondtoken value and a token value from the set of one or more token valuesobtained from the authentication server, allowing the computing deviceof the user to perform an action with the site.
 14. The method of claim8, wherein the password device comprises a clock synchronized to a clockof the authentication server.
 15. A tangible machine-readable storagedevice storing instructions which, when executed by one or more hardwareprocessors of a machine of a site being accessed by a user, cause themachine to perform operations comprising: receiving and verifyingcredentials of a user accessing the site; in response to verifying thecredentials of the user, transmitting a request to an authenticationserver for a first token value corresponding to the user; receiving thefirst token value generated by the authentication server; and causing acomputing device of the user to display a list of token valuestransmitted by the server of the site, the list of token valuesincluding the first token value and at least one further randomlygenerated value, the list of token values to be presented at the sametime on the computing device, the list of token values to be compared toa token value generated by a password device associated with thecomputing device to determine whether the token value generated by thepassword device is included in the list of token values, a match in thetoken value generated by the password device to the first token value inthe list of token values providing authentication of the server of thesite to the user.
 16. The tangible machine-readable storage device ofclaim 15, wherein the operations further comprise receiving a secondtoken value from the computing device of the user, the second tokenvalue being generated by the password device.
 17. The tangiblemachine-readable storage device of claim 16, wherein the operationsfurther comprise: transmitting the second token value to theauthentication server for verification; receiving an indication, fromthe authentication server, that the second token value is verified; andin response to receiving the indication, allowing the computing deviceof the user to perform an action with the site.
 18. The tangiblemachine-readable storage device of claim 16, wherein: the list ispresented on a web page of the site; and the receiving of the secondtoken value is via a field displayed on the web page of the site. 19.The tangible machine-readable storage device of claim 16, furthercomprising: obtaining a set of one or more token values from theauthentication server; comparing the second token value to the set ofone or more token values obtained from the authentication server; and inresponse to a match between the second token value and a token valuefrom the set of one or more token values obtained from theauthentication server, allowing the computing device of the user toperform an action with the site.
 20. The tangible machine-readablestorage device of claim 15, wherein the password device comprises aclock synchronized to a clock of the authentication server.